[debian-mysql] Bug#984997: Bug#984997: Bug#984997: mariadb-server-10.5: database password passed in cleartext both on commandline and in environment

Olaf van der Spek ml at vdspek.org
Tue Mar 16 07:14:02 GMT 2021


On Mon, Mar 15, 2021 at 2:33 PM <alexey.yurchenko at galeracluster.com> wrote:
> Speaking of environment, AFAIK on modern systems it can be read only by
> sufficiently privileged user, so I don't see how it is less secure than
> a file (which will have to have the same permissions as
> /proc/<PID>/environ). Could you elaborate how is it less secure than
> using --defaults-extra-file?

Environment data 'leaks' more easily than file contents.
For example, when developing / debugging, one could easily copy/paste
all environment data, including the password (by accident), and post
it online when asking for help.
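
The difference described in this message, as an added example that is not part of the original thread: a child process's environment dump contains the password when it is passed as a variable, but only a path when the password sits in an owner-only option file of the kind `--defaults-extra-file` reads. The variable names `DB_PASSWORD` and `CLIENT_CNF`, the helper names and the sample credentials are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample values are constructed; DB_PASSWORD, CLIENT_CNF and
# the helper names are assumptions, not names used by MariaDB or Debian.
SAMPLE_USER=sst_user
SAMPLE_PASSWORD='s3cr3t-constructed'

# Write a [client] option file that only its owner can read; print its path.
write_defaults_file() (
    umask 077
    file=$(mktemp "${TMPDIR:-/tmp}/client-cnf.XXXXXX") || exit 1
    chmod 600 "$file"
    printf '[client]\nuser=%s\npassword=%s\n' "$1" "$2" > "$file"
    printf '%s\n' "$file"
)

# Succeeds if the secret appears in the output of the command given by the
# remaining arguments (here: the environment dump of a child process, i.e.
# what `env` prints and what /proc/<PID>/environ holds).
leaks_in_env_dump() (
    secret=$1; shift
    "$@" | grep -qF -- "$secret"
)

# Permission string of a file, e.g. -rw-------
file_mode() { ls -l "$1" | cut -c1-10; }

cnf=$(write_defaults_file "$SAMPLE_USER" "$SAMPLE_PASSWORD")

# Variant 1: password handed to the child as an environment variable.
if leaks_in_env_dump "$SAMPLE_PASSWORD" env DB_PASSWORD="$SAMPLE_PASSWORD" env; then
    echo "env var:     password is part of the child's environment dump"
fi

# Variant 2: child only learns where the option file is.
if ! leaks_in_env_dump "$SAMPLE_PASSWORD" env CLIENT_CNF="$cnf" env; then
    echo "option file: dump shows only the path $cnf ($(file_mode "$cnf"))"
fi

# A client would then be started with: --defaults-extra-file="$cnf"
rm -f "$cnf"
```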
